Stories
Slash Boxes
Comments

SoylentNews is people

Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud

posted by martyb on Tuesday August 25 2020, @03:12PM   Printer-friendly
from the can't-be-too-careful dept.

upstart writes in with an IRC submission:

Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud:

A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.

According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server.

The malicious iOS SDK has been named "SourMint" by Snyk researchers.

"The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information."

"Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application," Miller added.

Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK (6.3.5.0), with the first version of the malicious SDK dating back to July 17, 2019 (5.5.1). The Android version of the SDK, however, doesn't appear to be affected.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud | Log In/Create an Account | Top | 36 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by barbara hudson on Wednesday August 26 2020, @12:28AM (4 children)

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday August 26 2020, @12:28AM (#1041879) Journal

    Simple solution - do your banking by phone (interactive voice menus), not the Internet. Don't install games. Block all images in your browser. For news, use an app like The Guardian, , turn on Internet access, download just the text diffs of the news, then turn off internet access to the app. No images, no tracking while you spend the next hour reading everything, because text-only supplies a lot more information per byte than images, logos, etc. And you'll never see an ad because you have to be connected to actually download the dynamic ads.

    People who have screen after screen after screen of apps need to be far more selective. And get a life

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Wednesday August 26 2020, @01:20AM (3 children)

    by Anonymous Coward on Wednesday August 26 2020, @01:20AM (#1041905)

    Please! It's not worth the hassle. Just use burner email...

    And... Try our new *JBiden Network Sniffer*™ to find those nasty old spyware cooties!

    • (Score: 2) by barbara hudson on Wednesday August 26 2020, @02:00AM (2 children)

      by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Wednesday August 26 2020, @02:00AM (#1041931) Journal
      What hassle. It's just a minute to disable all images in browsers. No more auto-play videos, no emojis, no social media icons, no irrelevant stock graphics illustrating news stories. No ads. Your mobile data plan just goes on and on and on. All of a sudden, a basic 2-gig data plan lasts a month with unused data rolling over into the next month, instead of cutting out early.

      No more looking for a wifi hotspot to help save mobile data, along with their tracking you.

      A one-minute one-time adjustment that can save you hundreds of dollars a year in data overages and cut down on tracking. How is that "too much of a hassle?" How is not having to deal with ads and auto play videos too much of a hassle? How is a more responsive browser too much of a hassle? How is doubling your battery life too much of a hassle?

      --
      SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

      • (Score: 0) by Anonymous Coward on Wednesday August 26 2020, @03:53AM

        by Anonymous Coward on Wednesday August 26 2020, @03:53AM (#1041984)

        I guess you will never understand. I just wanna turn the thing on and go. Just put in a burner email and done! I don't want to spend half the day reading a bunch of mumbo jumbo in tiny little fonts on a tiny little screen doing phony baloney "privacy" shit. Anything goes wrong, and the neighbor's kid can fix it for me. And who uses a damn browser on a damn phone anyway? What kind of masochist do you have to be to do that??

      • (Score: 2) by etherscythe on Wednesday August 26 2020, @11:40PM

        by etherscythe (937) on Wednesday August 26 2020, @11:40PM (#1042443) Journal

        If only it were so simple. Pages these days often use graphics to create the menus you use to navigate. If you see fifty placeholders on a site with no ALT text, how do you know which link you want? Hover over it with your cur- oh, wait.

        --
        "Fake News: anything reported outside of my own personally chosen echo chamber"